Editorial: NSA issue is costing US tech companies billions, and a fix is needed

By San Jose Mercury News, Digital First Media

Monday, December 16, 2013

When Edward Snowden’s revelations of National Security Agency spying shocked the world, we were immediately struck by the huge risk to Silicon Valley industry if people no longer trusted the security of American technology.

Six months later, the extent of the problem is being quantified: The Information Technology & Innovation Foundation estimates the hit to U.S. cloud computing providers at $35 billion over the next three years. Forrester analyst James Staten calculates tech losses at $180 billion by 2016.

Specifically, the Valley has to cut off campaign contributions to politicians who don’t get it.

That means you, President Obama. And you, Sen. Dianne Feinstein. Both are standing firm on the NSA’s right to break into anything anywhere under the umbrella of fighting terrorism.

At a minimum, the president fails to understand the urgency of resolving this crisis. He promised last week to propose reforms to restore Americans’ trust in intelligence agencies — but he made the same promise six months ago at a press conference in San Jose.

Sen. Patrick Leahy, the Vermont Democrat who chairs the Senate Judiciary Committee, and Rep. James Sensenbrenner, the Wisconsin Republican who chairs the House Judiciary Committee, are showing some leadership. They’d better because they helped create this mess.

Leahy and Sensenbrenner were the leading authors of the Patriot Act. Now they recognize that “the dragnet collection of millions of Americans’ phone records every day — whether they have any connection at all to terrorism — goes far beyond what Congress envisioned or intended to authorize. More important, we agree it must stop.”

They have introduced a bill to end data collection except from Americans suspected of being a security threat. It’s a start, but it won’t restore trust in U.S. technology products.

And it doesn’t address the separate but also serious problem of private technology companies gathering and using consumers’ data, often without their knowledge.

For all these reasons, it’s time to draft a comprehensive Internet Bill of Rights.

The term is tossed around a lot. We see it as giving consumers reasonable guarantees that they can keep their data private if they choose. They also need guarantees to full access to information and communication via the Internet.

This isn’t just about Americans. The tech industry is global, and the market losses predicted from NSA activity are largely overseas.

Even some close allies are working on strict rules for U.S. tech companies’ use of their citizens’ data because of the NSA’s intrusive behavior. Brazil plans to build a fiber-optic cable to Europe so it can route Internet traffic away from the United States. Germany is working on programs to keep users’ data within its borders.

The tech industry’s own shortcomings on privacy compound the NSA problem. They fight requirements to disclose how they use personal information for profit. It’s true that users can avoid this by declining to use a browser or application — but so much of our work and personal lives involve online activity, that’s becoming a meaningless option.

Tech companies may not be using data in a nefarious way. Maybe the NSA isn’t, either. That’s not the point. When Americans turn on their smartphones, laptops and tablets, they should know the extent to which both the government and private companies are tracking their activity. And they should know how the information is being used.

Silicon Valley was built on the belief that easier access to information improves people’s lives and makes the world a better place. That belief now is called into question, not just by Americans but by world markets that drive our own economy. It’s up to the United States to resolve it.